fix references to README docs

Author: hexcoder-

afl-cmin.bash

@@ -126,7 +126,7 @@ Minimization settings:
   -C            - keep crashing inputs, reject everything else
   -e            - solve for edge coverage only, ignore hit counts
 
-For additional tips, please consult docs/README.
+For additional tips, please consult docs/README.md.
 
 Environment variables used:
 AFL_KEEP_TRACES: leave the temporary <out_dir>\.traces directory

docs/Changelog.md

@@ -1,7 +1,7 @@
 # Changelog
 
   This is the list of all noteworthy changes made in every public release of
-  the tool. See README for the general instruction manual.
+  the tool. See README.md for the general instruction manual.
 
 ## Staying informed
 
@@ -45,7 +45,7 @@ sending a mail to <[email protected]>.
      - now does not need to be recompiled between trace-pc and pass
        instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :)
      - LLVM 11 is supported
-     - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog)
+     - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog.md)
   - afl-gcc, afl-clang-fast, afl-gcc-fast:
      - experimental support for undefined behaviour sanitizer UBSAN
        (set AFL_USE_UBSAN=1)
@@ -189,7 +189,7 @@ sending a mail to <[email protected]>.
   - fix llvm_mode AFL_TRACE_PC with modern llvm
   - fix a crash in qemu_mode which also exists in stock afl
   - added libcompcov, a laf-intel implementation for qemu! :)
-    see qemu_mode/libcompcov/README.libcompcov
+    see qemu_mode/libcompcov/README.libcompcov.md
   - afl-fuzz now displays the selected core in the status screen (blue {#})
   - updated afl-fuzz and afl-system-config for new scaling governor location
     in modern kernels
@@ -198,8 +198,8 @@ sending a mail to <[email protected]>.
   - if llvm_mode was compiled, afl-clang/afl-clang++ will point to these
     instead of afl-gcc
   - added instrim, a much faster llvm_mode instrumentation at the cost of
-    path discovery. See llvm_mode/README.instrim (https://github.com/csienslab/instrim)
-  - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt
+    path discovery. See llvm_mode/README.instrim.md (https://github.com/csienslab/instrim)
+  - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt.md
   - added code to make it more portable to other platforms than Intel Linux
   - added never zero counters for afl-gcc and optionally (because of an
     optimization issue in llvm < 9) for llvm_mode (AFL_LLVM_NEVER_ZERO=1)
@@ -229,11 +229,11 @@ sending a mail to <[email protected]>.
     LLVM and Qemu modes are now faster.
     Important changes:
       afl-fuzz: -e EXTENSION commandline option
-      llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel)
-      a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.txt
+      llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel.md)
+      a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.md
   - Added the power schedules of AFLfast by Marcel Boehme, but set the default
     to the AFL schedule, not to the FAST schedule. So nothing changes unless
-    you use the new -p option :-) - see docs/power_schedules.txt
+    you use the new -p option :-) - see docs/power_schedules.md
   - added afl-system-config script to set all system performance options for fuzzing
   - llvm_mode works with llvm 3.9 up to including 8 !
   - qemu_mode got upgraded from 2.1 to 3.1 - incorporated from 
@@ -476,7 +476,7 @@ sending a mail to <[email protected]>.
   - Added libtokencap, a simple feature to intercept strcmp / memcmp and
     generate dictionary entries that can help extend coverage.
 
-  - Moved libdislocator to its own dir, added README.
+  - Moved libdislocator to its own dir, added README.md.
 
   - The demo in examples/instrumented_cmp is no more.
 

docs/QuickStartGuide.md

@@ -27,7 +27,7 @@ how to hit the ground running:
 
 4) Get a small but valid input file that makes sense to the program. When
    fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in
-   dictionaries/README.dictionaries, too.
+   dictionaries/README.md, too.
 
 5) If the program reads from stdin, run 'afl-fuzz' like so:
 

docs/env_variables.md

@@ -2,7 +2,7 @@
 
   This document discusses the environment variables used by American Fuzzy Lop++
   to expose various exotic functions that may be (rarely) useful for power
-  users or for some types of custom fuzzing setups. See README for the general
+  users or for some types of custom fuzzing setups. See README.md for the general
   instruction manual.
 
 ## 1) Settings for afl-gcc, afl-clang, and afl-as - and gcc_plugin afl-gcc-fast

docs/life_pro_tips.md

@@ -62,7 +62,7 @@ Specify `AFL_HARDEN=1` in the environment to enable hardening flags.
 
 ## Bumping into problems with non-reproducible crashes? 
 It happens, but usually
-isn't hard to diagnose. See section #7 in README for tips.
+isn't hard to diagnose. See section #7 in README.md for tips.
 
 ## Fuzzing is not just about memory corruption issues in the codebase. 
 Add some
@@ -87,4 +87,4 @@ use a postprocessor! See examples/post_library/ for more.
 
 ## Dealing with a very slow target or hoping for instant results? 
 
-Specify `-d` when calling afl-fuzz!
+Specify `-d` when calling afl-fuzz!

docs/notes_for_asan.md

@@ -1,7 +1,7 @@
 # Notes for using ASAN with afl-fuzz
 
   This file discusses some of the caveats for fuzzing under ASAN, and suggests
-  a handful of alternatives. See README for the general instruction manual.
+  a handful of alternatives. See README.md for the general instruction manual.
 
 ## 1) Short version
 

docs/parallel_fuzzing.md

@@ -1,7 +1,7 @@
 # Tips for parallel fuzzing
 
   This document talks about synchronizing afl-fuzz jobs on a single machine
-  or across a fleet of systems. See README for the general instruction manual.
+  or across a fleet of systems. See README.md for the general instruction manual.
 
 ## 1) Introduction
 

docs/perf_tips.md

@@ -1,7 +1,7 @@
 ## Tips for performance optimization
 
   This file provides tips for troubleshooting slow or wasteful fuzzing jobs.
-  See README for the general instruction manual.
+  See README.md for the general instruction manual.
 
 ## 1. Keep your test cases small
 
@@ -221,4 +221,4 @@ early on, you can always resort to the `-d` mode.
 The mode causes `afl-fuzz` to skip all the deterministic fuzzing steps, which
 makes output a lot less neat and can ultimately make the testing a bit less
 in-depth, but it will give you an experience more familiar from other fuzzing
-tools.
+tools.

docs/sister_projects.md

@@ -1,7 +1,7 @@
 # Sister projects
 
 This doc lists some of the projects that are inspired by, derived from,
-designed for, or meant to integrate with AFL. See README for the general
+designed for, or meant to integrate with AFL. See README.md for the general
 instruction manual.
 
 !!!
@@ -252,7 +252,7 @@ https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters
 ### AFL JS (Han Choongwoo)
 
 One-off optimizations to speed up the fuzzing of JavaScriptCore (now likely
-superseded by LLVM deferred forkserver init - see llvm_mode/README.llvm).
+superseded by LLVM deferred forkserver init - see llvm_mode/README.md).
 
 https://github.com/tunz/afl-fuzz-js
 

docs/status_screen.md

@@ -1,7 +1,7 @@
 # Understanding the status screen
 
 This document provides an overview of the status screen - plus tips for
-troubleshooting any warnings and red text shown in the UI. See README for
+troubleshooting any warnings and red text shown in the UI. See README.md for
 the general instruction manual.
 
 ## A note about colors

docs/technical_details.md

@@ -1,7 +1,7 @@
 # Technical "whitepaper" for afl-fuzz
 
 This document provides a quick overview of the guts of American Fuzzy Lop.
-See README for the general instruction manual; and for a discussion of
+See README.md for the general instruction manual; and for a discussion of
 motivations and design goals behind AFL, see historical_notes.md.
 
 ## 0. Design statement
@@ -542,4 +542,4 @@ It uses the following classification scheme:
     takes place.
   - "Magic value section" - a generic token where changes cause the type
     of binary behavior outlined earlier, but that doesn't meet any of the
-    other criteria. May be an atomically compared keyword or so.
+    other criteria. May be an atomically compared keyword or so.

gcc_plugin/afl-gcc-rt.o.c

@@ -214,7 +214,7 @@ static void __afl_start_forkserver(void) {
 
 }
 
-/* A simplified persistent mode handler, used as explained in README.llvm. */
+/* A simplified persistent mode handler, used as explained in README.md. */
 
 int __afl_persistent_loop(unsigned int max_cnt) {
 

libdislocator/README.md

@@ -1,6 +1,6 @@
 # libdislocator, an abusive allocator
 
-  (See ../docs/README for the general instruction manual.)
+  (See ../docs/README.md for the general instruction manual.)
 
 This is a companion library that can be used as a drop-in replacement for the
 libc allocator in the fuzzed binaries. It improves the odds of bumping into

libtokencap/README.md

@@ -1,6 +1,6 @@
 # strcmp() / memcmp() token capture library
 
-  (See ../docs/README for the general instruction manual.)
+  (See ../docs/README.md for the general instruction manual.)
 
 This companion library allows you to instrument `strcmp()`, `memcmp()`,
 and related functions to automatically extract syntax tokens passed to any of

llvm_mode/README.md

@@ -2,7 +2,7 @@
 
   (See [../README](../README.md) for the general instruction manual.)
 
-  (See [../gcc_plugin/README.gcc](../gcc_plugin/README.gcc.md) for the GCC-based instrumentation.)
+  (See [../gcc_plugin/README](../gcc_plugin/README.md) for the GCC-based instrumentation.)
 
 ## 1) Introduction
 

llvm_mode/afl-llvm-rt.o.c

@@ -260,7 +260,7 @@ static void __afl_start_forkserver(void) {
 
 }
 
-/* A simplified persistent mode handler, used as explained in README.llvm. */
+/* A simplified persistent mode handler, used as explained in llvm_mode/README.md. */
 
 int __afl_persistent_loop(unsigned int max_cnt) {
 
@@ -346,7 +346,7 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) {
 
 /* The following stuff deals with supporting -fsanitize-coverage=trace-pc-guard.
    It remains non-operational in the traditional, plugin-backed LLVM mode.
-   For more info about 'trace-pc-guard', see README.llvm.
+   For more info about 'trace-pc-guard', see llvm_mode/README.md.
 
    The first function (__sanitizer_cov_trace_pc_guard) is called back on every
    edge (as opposed to every basic block). */

qemu_mode/README.md

@@ -1,6 +1,6 @@
 # High-performance binary-only instrumentation for afl-fuzz
 
-  (See ../docs/README for the general instruction manual.)
+  (See ../docs/README.md for the general instruction manual.)
 
 ## 1) Introduction
 
@@ -60,7 +60,7 @@ binary on x86_64) use QEMU_LD_PREFIX.
 
 ## 3) Bonus feature #1: deferred initialization
 
-As for LLVM mode (refer to its README for mode details) QEMU mode supports
+As for LLVM mode (refer to its README.md for mode details) QEMU mode supports
 the deferred initialization.
 
 This can be enabled setting the environment variable AFL_ENTRYPOINT which allows

qemu_mode/libcompcov/libcompcov.so.c

@@ -15,7 +15,7 @@
 
    This Linux-only companion library allows you to instrument strcmp(),
    memcmp(), and related functions to get compare coverage.
-   See README.compcov for more info.
+   See README.md for more info.
 
  */
 

qemu_mode/patches/afl-qemu-cpu-inl.h

@@ -407,7 +407,7 @@ void afl_forkserver(CPUState *cpu) {
 
 }
 
-/* A simplified persistent mode handler, used as explained in README.llvm. */
+/* A simplified persistent mode handler, used as explained in llvm_mode/README.md. */
 
 void afl_persistent_loop(void) {
 

src/afl-analyze.c

@@ -798,7 +798,7 @@ static void usage(u8* argv0) {
 
       "  -e            - look for edge coverage only, ignore hit counts\n\n"
 
-      "For additional tips, please consult %s/README.\n\n",
+      "For additional tips, please consult %s/README.md.\n\n",
 
       argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
 

src/afl-common.c

@@ -163,7 +163,7 @@ char** get_qemu_argv(u8* own_loc, char** argv, int argc) {
   SAYF("\n" cLRD "[-] " cRST
        "Oops, unable to find the 'afl-qemu-trace' binary. The binary must be "
        "built\n"
-       "    separately by following the instructions in qemu_mode/README.qemu. "
+       "    separately by following the instructions in qemu_mode/README.md. "
        "If you\n"
        "    already have the binary installed, you may need to specify "
        "AFL_PATH in the\n"
@@ -259,7 +259,7 @@ char** get_wine_argv(u8* own_loc, char** argv, int argc) {
   SAYF("\n" cLRD "[-] " cRST
        "Oops, unable to find the '%s' binary. The binary must be "
        "built\n"
-       "    separately by following the instructions in qemu_mode/README.qemu. "
+       "    separately by following the instructions in qemu_mode/README.md. "
        "If you\n"
        "    already have the binary installed, you may need to specify "
        "AFL_PATH in the\n"

src/afl-fuzz-init.c

@@ -1980,11 +1980,11 @@ void check_binary(u8* fname) {
         "while\n"
         "    mutating the input data. For more information, and for tips on "
         "how to\n"
-        "    instrument binaries, please see %s/README.\n\n"
+        "    instrument binaries, please see %s/README.md.\n\n"
 
         "    When source code is not available, you may be able to leverage "
         "QEMU\n"
-        "    mode support. Consult the README for tips on how to enable this.\n"
+        "    mode support. Consult the README.md for tips on how to enable this.\n"
 
         "    (It is also possible to use afl-fuzz as a traditional, \"dumb\" "
         "fuzzer.\n"

src/afl-fuzz.c

@@ -112,7 +112,7 @@ static void usage(u8* argv0) {
       "entering the\n"
       "                  pacemaker mode (minutes of no new paths, 0 = "
       "immediately).\n"
-      "                  a recommended value is 10-60. see docs/README.MOpt\n"
+      "                  a recommended value is 10-60. see docs/README.MOpt.md\n"
       "  -c program    - enable CmpLog by specifying a binary compiled for "
       "it.\n"
       "                  if using QEMU, just use -c 0.\n\n"
@@ -121,7 +121,7 @@ static void usage(u8* argv0) {
       "  -N            - do not unlink the fuzzing input file\n"
       "  -d            - quick & dirty mode (skips deterministic steps)\n"
       "  -n            - fuzz without instrumentation (dumb mode)\n"
-      "  -x dir        - optional fuzzer dictionary (see README, its really "
+      "  -x dir        - optional fuzzer dictionary (see README.md, its really "
       "good!)\n\n"
 
       "Testing settings:\n"
@@ -1087,7 +1087,7 @@ int main(int argc, char** argv, char** envp) {
 
     SAYF("\n" cYEL "[!] " cRST
          "Stopped during the first cycle, results may be incomplete.\n"
-         "    (For info on resuming, see %s/README)\n",
+         "    (For info on resuming, see %s/README.md)\n",
          doc_path);
 
   }

src/afl-showmap.c

@@ -647,7 +647,7 @@ static void usage(u8* argv0) {
       "  -c            - allow core dumps\n\n"
 
       "This tool displays raw tuple data captured by AFL instrumentation.\n"
-      "For additional help, consult %s/README.\n\n" cRST,
+      "For additional help, consult %s/README.md.\n\n" cRST,
 
       argv0, MEM_LIMIT, doc_path);